package dao;

import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import model.UserModel;
import model.UserProfile;

public class User {
	private UserModel user;

	public UserModel Login(String userName, String password)
			throws NoSuchAlgorithmException 
	{
		Connection con = new Connect().getConnection();
		String sql = "SELECT * FROM USERF WHERE USERNAME = '" + userName
		+ "' AND PASSWORD = '" + password + "'";
		try {
			PreparedStatement state = con.prepareStatement(sql);
			ResultSet rs = state.executeQuery();
			if (rs.next()) {
				user = new UserModel(rs.getInt("id"),
						rs.getString("username"),
						rs.getString("password"),
						rs.getString("email"),
						rs.getBoolean("role"));
			}
			con.close();
		} catch (SQLException e) {
			e.printStackTrace();
		}
		return user;
	}
	
	public boolean checkUser(String userName)
								throws NoSuchAlgorithmException 
	{
		Connection con = new Connect().getConnection();
		String sql = "SELECT * FROM USERF WHERE USERNAME = '" + userName
		+ "'";
		try {
			PreparedStatement state = con.prepareStatement(sql);
			ResultSet rs = state.executeQuery();
			if (rs.next()) {
				user = new UserModel(rs.getInt("id"),
						rs.getString("username"),
						rs.getString("password"),
						rs.getString("email"),
						rs.getBoolean("role"));
			}
			con.close();
		} catch (SQLException e) {
			e.printStackTrace();
		}
		return (user == null ? false : true);
	}
	
	public boolean AddUser(UserModel model, UserProfile profile) throws NoSuchAlgorithmException 
	{
		if(model == null || profile == null) return false;
		Connection con = new Connect().getConnection();
		String sqlUser = "Insert into userf values(N'" 
					+ model.getUsername() + "','"
					+ model.getPassword() + "','"
					+ model.getEmail() + "','False')";
		
		try {
			PreparedStatement  state = con.prepareStatement(sqlUser, Statement.RETURN_GENERATED_KEYS);
			int id = state.executeUpdate();
			ResultSet rs = state.getGeneratedKeys();
			if (rs.next()) {
				int idGenerate = (int) rs.getLong(1);
				//add profile of new user
				String sqlProfile = "Insert into userprofile values('" 
					+ idGenerate + "','"
					+ profile.getName() + "','"
					+ "','" //last name
					+ profile.getAddress() + "','"
					+ profile.getTel() + "')";
				state = con.prepareStatement(sqlProfile);
				state.executeUpdate();
			}
			con.close();
			return (id == -1 ? false : true );		
		}catch (SQLException e) {
			e.printStackTrace();
		}
		return false;
	}
	
	public boolean RestorePwd(String email) {
		Connection con = new Connect().getConnection();
		String sql = "SELECT ID FROM USERF WHERE EMAIL = '"
				+ email + "'";
		try {
			PreparedStatement state = con.prepareStatement(sql);
			ResultSet rs = state.executeQuery();
			if (rs.next()) {
				return true;
			}
			con.close();
		} catch (SQLException e) {
			e.printStackTrace();
		}
		return false;
	}

	public void updatePassword(String email, String newPassword)
			throws NoSuchAlgorithmException {
		Connection con = new Connect().getConnection();
		String sql = "UPDATE USERF SET PASSWORD = '"
				+newPassword + "' WHERE EMAIL = '" + email + "'";
		try {
			PreparedStatement state = con.prepareStatement(sql);
			state.executeUpdate();
			con.close();
		} catch (SQLException e) {
			e.printStackTrace();
		}
	}

	public boolean updateSystem(int userId, String username, String email,
			String newPassword) throws NoSuchAlgorithmException 
		{
		Connection con = new Connect().getConnection();
		String sql = "";
		if (newPassword != "") {
			sql = "UPDATE USERF SET USERNAME = '" + username
					+ "', EMAIL = '" + email + "', PASSWORD = '"
					+ newPassword + "' WHERE ID = '" + userId
					+ "'";
		} else {
			sql = "UPDATE USERF SET USER = '" + username
					+ "', EMAIL = '" + email + "' WHERE ID = '"
					+ userId + "'";
		}
		try {
			PreparedStatement state = con.prepareStatement(sql);
			state.executeUpdate();
			con.close();
			return true;
		} catch (SQLException e) {
			e.printStackTrace();
		}
		return false;
	}
}
